Widgetfactorylimited: Security Vulnerabilities
CVE-2026-48907
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
Known exploited
CVSS Score
10.0
EPSS Score
0.804
Published
2026-06-05
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.
CVSS Score
8.8
EPSS Score
0.011
Published
2020-03-09
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.
CVSS Score
6.0
EPSS Score
0.011
Published
2012-08-30